The digitally pure enterprise: is it achievable and why should CFOs care?

22 May 2018:

CFO across the public and private sectors would no doubt like to believe the business information browsed, read and shared every day by everyone in their organisation is threat free.

But the likelihood is that it is not is big and there are a host of reasons for this.

Why does the security of your data matter anyway?
Partly it’s a matter of the plethora of communication channels and the rate at which they are evolving. Case in point: the average size of a web page has grown six-fold, and 67% of that page will likely be images. Chances are most cyber defence systems installed do nothing to combat threats concealed in these images. Equally, the ubiquity of social media provides an ever-increasing number of routes through which malware can be introduced, data stolen and reputational damage inflicted.

The other reason CFOs should view their cybersecurity defences with a healthy dose of scepticism is the sophistication being now demonstrated by cybercriminals. Of course, well-known and simple techniques are used every day to compromise organisations. But if those fail and the will is present, criminals are perfectly capable of handling and using the kind of complexity that was once the preserve of government agencies.

Either way, the fact is that from documents and spreadsheets to images and PDFs, digital content – the essential life-blood of business and commerce – is the carrier of choice for the cyberthreats used by today’s attackers.

Cybersecurity professionals have long been concerned with the threat posed by digital content. The last 25 years have seen an on-going “arms race” in which the criminal has continually had the upper hand. Initially, anti-virus provided some rudimentary respite until it became apparent that defences based on detection could be easily breached by “evolving” the threat so that it changed slightly every time it was used.